Outside Source
Key Takeaways:
- Bybit launches a $140 million recovery bounty program to track down perpetrators of a $1.4 billion Ethereum heist.
- There is a bounty program that rewards ethical cybersecurity experts with up to 10% of the recovered funds.
- The exchange has also obtained liquidity to keep processing withdrawals and to protect customer funds.
A major security breach of crypto exchange Bybit has led to the theft of $1.4 billion in Ethereum and related tokens In a move to combat the challenge, Bybit has set forth a bold initiative – the $140 million Recovery Bounty Program designed to mobilize the global community of cyber security experts.
In the Search for the Hackers, a $140 Million Bounty
The initiative aims to bring in cybersecurity and crypto analytics experts to help trace and recover the stolen assets. The payoff is significant: up to 10 percent of any assets recovered. That could translate to a whopping $140 million if the entire amount is recovered, representing one of the largest crypto recoveries in history. Bybit is offering this significant bounty as an incentive for ethical hackers to help recover the stolen funds.
The size of the bounty reflects the seriousness of the situation. This isn’t just about recovering lost assets; it’s about sending a strong message that such attacks will not be tolerated, and the crypto community will unite to fight back.
The Anatomy of the Hack: A Multisig Vulnerability Exploited?
401,347 ETH (≈$683M or ~0.2% Ethereum’s base money supply) were lost during the breach on Friday evening. 90,376 stETH (253 million), 15,000 cmETH (44 million), and 8,000 mETH (23 million) in Ethereum from Bybit’s cold wallet. Preliminary investigations indicate a complex exploit of Safe’s multisig wallet infrastructure. The hackers allegedly persuaded the Bybit team to sign a transaction that gave them control over the smart contract logic for the cold wallet.
In a live stream, Bybit CEO Ben Zhou described the sophisticated nature of the attack. “[…] The hacker changed that transaction into upgrading or changing the Safe smart contract logic so that he gained control over the entire Ethereum cold wallet.”
However, this so-called exploit is troubling as multisig wallets are a popular method of keeping funds secure in the crypto space. That such a secure platform as Safe could be compromised suggests that no sophisticated security measures are immune to well-resourced attackers.
More News: ZachXBT Identifies Lazarus Group as Bybit $1.4B Hackers, Wins Arkham Bounty
Community Care and Ongoing Operations
Despite the severity of the attack, Bybit is dedicated to continuing business as usual. It is processing withdrawals and has secured a bridge loan for 80% of the Ethereum it lost. This is an important step in reassuring customers and retaining confidence in the platform.
Bybit has also received support from major exchanges like Binance and MEXC, which are actively monitoring blockchain transactions to prevent money laundering. Ben Zhou welcomed the industry’s support, saying, “Within 24 hours of the event, we were overwhelmed with support from some of the best people and organizations in the industry.”
This joint effort shows how interconnected the crypto community is. When one person attacks, the whole ecosystem feels the effects and can almost always rush to help.
Still Under Investigation And Improving Security
Bybit is currently conducting a full forensic investigation with law enforcement, cybersecurity experts, and Safe’s developers. The aim is to figure out the specifics of the vulnerability and to avoid similar situations in future. The investigation will center on whether the attack originated from a particular Safe multisig exploit or a more general infrastructure hack.
“We have shared in a dark moment of crypto history, and we’ve proven we are better than the malicious actors,” said Ben Zhou, co-founder and CEO of Bybit, emphasizing the platform’s ongoing commitment to progress with improved security and liquidity as well as continued support of the crypto community.
Although the investigation is still underway, it is crucial for Bybit to act quickly to strengthen its security systems. The company will probably re-examine its wallet management procedures, access controls and smart contract security practices.
How to Participate in the Bounty Program: Join the Hunt
The bounty program is open to individuals or groups with expertise in blockchain forensics, security analysis, and fund recovery. If you have relevant skills, drop us a line at [email protected]. The exchange is looking for individuals or organizations with experience in the following areas:
- Blockchain Forensics: Specializing in following the money trail and detecting behaviors of criminal activities
- Experience: Extensively has experience in recovering stolen crypto through legal or technical means.
- Fund Recovery: Experience in recovering stolen crypto assets through legal or technical means.
Wider Ramifications for Crypto Security
The Bybit hack is a stark reminder of the security risks that persist in the crypto space. Although blockchain technology has many benefits, it is also susceptible to advanced attacks. This simply points out the need for:
- Enhanced Security Measures: Exchanges and wallet providers must invest in robust security measures to protect user funds.
- Cross-industry Collaboration: The entire crypto ecosystem has to come together to share intelligence and create industry standards for security.
- Enhanced Smart Contract Security: Ensure smart contracts undergo thorough auditing and rigorous testing before deployment.
The crypto community should learn from this incident and take action to mitigate future risks. As the industry matures, it will have to prioritize security. The Ledger exploit is just one of the recent examples that makes even hardware wallets not entirely safe and proves the necessity of continually updating security protocols.
The Bybit Recovery Bounty Program is a pioneering approach in the fight against crypto crime. By offering rewards to ethical hackers who can help recover stolen funds, Bybit is also proactively seeking accountability among criminals and enhancing the security of the crypto landscape.
This article first appeared at CryptoNinjas
